Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/q84AaJRpOhzFPpFr7tlrPqTshb8.roa
File:                     q84AaJRpOhzFPpFr7tlrPqTshb8.roa (raw, json)
Hash identifier:          g35730pd0RUf60GC4LGRJrWxVrwNxUwgFqdI6MuN0cE=
Subject key identifier:   AB:CE:00:68:94:69:3A:1C:C5:3E:91:6B:EE:D9:6B:3E:A4:EC:85:BF
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018F385970A8C145F5641DD375C47639C996
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/q84AaJRpOhzFPpFr7tlrPqTshb8.roa
Signing time:             Thu 02 May 2024 08:08:56 +0000
ROA not before:           Thu 02 May 2024 08:08:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215567
IP address blocks:        5.178.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:59:70:a8:c1:45:f5:64:1d:d3:75:c4:76:39:c9:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: May  2 08:08:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abce006894693a1cc53e916beed96b3ea4ec85bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:22:f8:6b:2f:ac:30:a6:92:99:3e:7d:c3:a4:
                    a8:6c:00:cf:77:27:59:93:1b:fa:67:28:a3:b7:17:
                    90:ae:0c:2a:c6:38:b9:31:38:f9:3e:68:bf:cb:67:
                    b9:f7:9e:ad:e1:40:2e:d9:82:8d:f1:42:00:f4:bd:
                    3d:6a:a4:07:54:22:51:0c:fd:e2:af:96:4e:e5:5f:
                    62:1c:63:db:31:40:e4:b4:e5:8c:6e:55:7f:79:75:
                    05:33:6b:78:82:f1:4b:60:b7:e1:95:76:40:ce:18:
                    b5:79:b3:3d:a9:a7:12:0f:8d:76:54:00:8a:8a:ae:
                    fe:89:05:54:7f:d9:38:43:3e:8a:64:28:0e:18:68:
                    92:10:18:18:b4:a1:ec:5a:13:6f:bf:58:a0:56:87:
                    06:6a:05:8f:51:dd:7f:cb:cc:f9:43:96:d9:1e:e3:
                    05:fd:fc:14:37:4d:ed:9f:17:6b:5c:1b:df:c1:53:
                    89:0b:53:c7:01:02:2f:f3:f6:98:f9:90:36:e3:7b:
                    f8:68:2b:b1:88:37:e6:e5:e5:3a:23:c9:04:90:ef:
                    b1:89:17:c7:14:8f:7a:77:70:2c:3b:45:44:04:14:
                    45:3f:3d:77:02:22:74:13:05:77:1d:12:81:36:a5:
                    b2:8e:78:bd:05:d7:66:0b:77:f6:29:47:23:56:4f:
                    e4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:CE:00:68:94:69:3A:1C:C5:3E:91:6B:EE:D9:6B:3E:A4:EC:85:BF
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/q84AaJRpOhzFPpFr7tlrPqTshb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:65:46:67:10:5c:75:01:0f:ba:6a:c0:2a:25:94:da:db:e9:
         36:16:44:cd:14:5d:3c:e6:71:59:e1:47:1b:41:59:06:64:d8:
         c0:31:4e:1e:cd:ef:93:46:b3:98:e6:74:7c:8f:ae:ba:f1:38:
         07:41:59:a1:22:3a:f3:ec:3a:a1:6d:de:5d:6e:d9:c5:88:7d:
         70:9b:4c:4b:18:f4:3b:07:ea:56:d3:09:4e:7f:78:ff:66:47:
         6b:13:26:43:f8:86:4a:41:f3:d1:cb:7a:bc:76:82:06:ea:13:
         ab:03:0f:41:4e:96:65:fb:3b:f7:07:c5:55:b3:82:5e:7f:f2:
         01:86:83:3a:9f:16:99:b4:86:0e:b2:56:22:ab:8d:47:87:a3:
         f4:cd:67:32:e1:09:eb:8a:44:70:bd:7a:6c:f3:4c:4d:78:25:
         9e:8b:67:79:8b:4d:96:90:08:3c:91:15:cf:7f:77:ae:c2:af:
         07:35:f2:d4:2c:66:ea:7a:2e:7b:3e:b2:f0:ea:d0:3c:18:0e:
         32:14:ea:e9:4b:3c:c2:08:be:08:d2:85:51:c9:eb:74:82:ce:
         41:6d:61:d6:96:66:5a:44:4f:a1:fc:7d:4c:5d:91:6d:f1:a1:
         18:00:58:4d:41:a0:9d:aa:67:ff:b3:80:f4:c2:12:43:81:bc:
         19:7e:9d:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY84WXCowUX1ZB3TdcR2OcmWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwNTAyMDgwODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmNlMDA2ODk0NjkzYTFjYzUzZTkxNmJlZWQ5NmIzZWE0ZWM4NWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriL4ay+sMKaSmT59w6SobADPdydZ
kxv6ZyijtxeQrgwqxji5MTj5Pmi/y2e5956t4UAu2YKN8UIA9L09aqQHVCJRDP3i
r5ZO5V9iHGPbMUDktOWMblV/eXUFM2t4gvFLYLfhlXZAzhi1ebM9qacSD412VACK
iq7+iQVUf9k4Qz6KZCgOGGiSEBgYtKHsWhNvv1igVocGagWPUd1/y8z5Q5bZHuMF
/fwUN03tnxdrXBvfwVOJC1PHAQIv8/aY+ZA243v4aCuxiDfm5eU6I8kEkO+xiRfH
FI96d3AsO0VEBBRFPz13AiJ0EwV3HRKBNqWyjni9BddmC3f2KUcjVk/kywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvOAGiUaTocxT6Ra+7Zaz6k7IW/MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvcTg0QWFKUnBPaHpGUHBGcjd0bHJQcVRzaGI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJtMA0G
CSqGSIb3DQEBCwUAA4IBAQCfZUZnEFx1AQ+6asAqJZTa2+k2FkTNFF085nFZ4Ucb
QVkGZNjAMU4eze+TRrOY5nR8j6668TgHQVmhIjrz7Dqhbd5dbtnFiH1wm0xLGPQ7
B+pW0wlOf3j/ZkdrEyZD+IZKQfPRy3q8doIG6hOrAw9BTpZl+zv3B8VVs4Jef/IB
hoM6nxaZtIYOslYiq41Hh6P0zWcy4QnrikRwvXps80xNeCWei2d5i02WkAg8kRXP
f3euwq8HNfLULGbqei57PrLw6tA8GA4yFOrpSzzCCL4I0oVRyet0gs5BbWHWlmZa
RE+h/H1MXZFt8aEYAFhNQaCdqmf/s4D0whJDgbwZfp1/
-----END CERTIFICATE-----